on 2018-10-03 02:41 PM
In order to register for a class, you need to first create a Dell Education account.
If you need further assistance, contact us.
Summary
Interested in hunting? Don’t know where to start? This course is a great place to begin as we will give you a recommended approach for identifying threats using the RSA NetWitness Platform.
Overview
This instructor-led course provides an overview of threat hunting and covers hunting tools, content and methodologies that can be used to proactively find suspicious behavior. Students will apply the techniques acquired in this course to identify anomalies and find threats in the environment using Packets, Logs and Endpoint.
Audience
Anyone interested in hunting with the RSA NetWitness Platform
Duration
2 days
Prerequisite Knowledge/Skills
Students should have the following skills, or have taken the following training (or have equivalent knowledge), prior to attending this course:
• Introduction to the RSA NetWitness Platform
• RSA NetWitness Platform Foundations
• RSA NetWitness Platform Analysis
Course Objectives
Upon successful completion of this course, participants should be able to:
• Describe threat hunting and Incident Response roles
• Describe the Hunting Guide
• Describe the Hunting Methodology
• Describe the Hunting Pack meta
• Describe RSA NetWitness Platform hunting tools
• Identify protocol/service anomalies
• Identify indicators of malicious traffic
• Use hunting techniques, methodology and tools to detect threats
• Respond to incidents
• Report findings
Course Outline
What is threat hunting?
Investigation Model
NetWitness Hunting Guide
Hunting Methodology
NetWitness Hunting Pack
Hunting tools
Identifying protocol anomalies
Indicators of Compromise
Attack characteristics
Creating a security incident report
Hunting for threats